NetScreen Technologies
Security Solutions the NetScreen Way
Peter Crowcombe – EMEA Marketing Manager
Agenda
• About NetScreen
• Security Innovation
• Unique Architectures
• Threats and Responses
• VPN leadership
• Total cost of ownership
• The future of security
About NetScreen
• Leading supplier of network security solutions for large scale and high capacity enterprise and carrier networks
• Integrated firewall, VPN and traffic management
• Leading market share
• #1, #2 or #3 in key VPN and firewall categories*
* Based on data from Dataquest/Gartner Group, Infonetics Research, International Data Corp.
NetScreen Innovation
NetScreen firsts:
• An integrated Firewall and VPN appliance with ASIC acceleration for FW AND VPN
• Virtual system architecture
  • With separate policy tables, addressing and management
• Integrated active-active, full mesh, stateful High Availability
• Ship Gigabit Firewall & VPN appliance
• Ship 4 Gigabit Firewall appliance
Resulting in NetScreen Delivering Industry-Leading Growth
[Chart: $ Millions; surviving value: $29.0]
Unique Solution & Technology Platform
Superior Security, Performance and Economics compared with software/processor based architectures
[Diagram labels: Global PRO; Optimized Security Platform; ScreenOS; GigaScreen ASIC]
GigaScreen-II ASIC Technology
• GigaScreen-II is a security processor
• Breakthrough performance
  • 2 Gbps firewall; 1 Gbps VPN
• Massive scalability
  • Linear scalability when connected to a switched backplane
• Complete security processing
  • Complete packet processing with little to no CPU intervention
• Programmability
  • Ability to add packet classification and content inspection engines
[Diagram labels: Management module; CPU; Data Exchange (first packet, IKE etc); Control; GigaScreen-II ASIC / Flow Processor; Flow Traffic]
NetScreen-5000 Chassis Architecture
• Dual Bus Architecture
• Control Traffic between GigaScreen-II and Management Module
• Data Exchange between the Management Module and the GigaScreen-II via Dual Access High Speed RAM (SRAM)
• 15 Gigabit switch fabric and Multiple Module Slots (5400)
• Slots for Multiple Secure Port Modules or additional new modules
• Packet Flow Traffic between Secure Port Modules or Future modules
[Diagram labels: Back plane; 32 bit - Bus 0; 64 bit - Bus 1; 15 Gbps switch fabric; Secure Port Module; Future Tech. Modules; Mgmt Module; Flow; Control; First Packet, IKE, etc]
Comprehensive Product Line
[Diagram, deployment segments: Enterprise; Telecommuter; Network core; Central Site; Medium Site; Small Office]
[Diagram, products: NetScreen-500; NetScreen-5XT; NetScreen-50; NetScreen-5000 Series; NetScreen-5XP; NetScreen-25; NetScreen-200 Series; NetScreen-Remote; NetScreen-1000; NetScreen-Global PRO; NetScreen-Global PRO Express]
Security Deployment Drivers
Source: Infonetics 2002
Security Threats Are Growing
• Outside attacks that compromise perimeter security
• Denial of service, VPN U-turn attacks
• Trojan horse attacks that penetrate the enterprise
• New application requirements
• Segmentation of departmental resources
• Wireless LANs
[Chart: Security Incidents Reported to CERT; vertical axis: # of incidents, 0 to 60,000; annotations: 1988: 6 incidents (Kevin Mitnick); 2001: 52,000+ incidents (Code Red, Nimda)]
Computer Emergency Response Team (CERT) is a federally funded research and development center specializing in Internet security operated by Carnegie Mellon University.
Security Threats
[Diagram, threats: Unauthorized Personnel; Unauthorized Wireless User; Compromised Computer; Worms / Compromised Server; Trojans / Disgruntled / Dishonest Employee]
[Diagram, network: Regional Office; Branch Office; Telecommuter; Internet; VPN; Firewall; DMZ Servers; Finance Servers]
Security Domains
• Integrated FW/VPN with attack blocking and user authentication
• Greater Segmentation & Policy Control
• Internal / External threats treated equally
[Diagram labels: Branch Office; Regional Office; Telecommuter; Wireless; VPN - Client; Internet; Notebook & PDA (VPN); Web; Admin; DMZ; E-mail; Finance; Central Site]
Paybacks and Benefits of VPNs
Q. On a scale of 1 to 7, where 1 is “not important” and 7 is “extremely important,” please rate the importance of the following expected paybacks and benefits in your decision to implement VPNs:
• 57%: Increased security
• 45%: Dial-up or dedicated connection cost savings
• 44%: Increased bandwidth using VPNs with DSL, cable, or broadband wireless
• 43%: Reduction of operation and management costs
• 42%: Ability to quickly add remote access users, sites, or extranet partners
• 41%: Improved communications with customers
• 41%: Increased geographic coverage
• 34%: Any to any connectivity
• 32%: Increased network uptime
• 17%: Ability to carry voice over IP
Source: Infonetics 2002
Leaders in VPN technology
[Diagram labels: Mobile VPN; Small site, Temp site VPN; Intranet VPN; Partner A; Partner B; Partner C; Home GPRS; Internet Content; GRX; Remote Access; Content Ser; AV Services; IDS Services; Application Ser; Overseas GPRS; MPLS; Data Centre / SP NOC]
Frame to IP VPN Migration Scenarios
Apples to Apples – Equal Bandwidth

Scenario A: Direct One-to-One Comparison

| | Legacy Network | IP Network | Change |
|---|---|---|---|
| Small Site Bandwidth (8 sites) | 56-64 Kbps | 56-64 Kbps | No Change |
| Monthly Cost/Site | $280 | $75 | Save $205 |
| Medium Site Bandwidth (2 sites) | 384 Kbps | 384 Kbps | No Change |
| Monthly Cost/Site | $1,150 | $190 | Save $960 |
| Central Site Bandwidth (1 site) | T-1 | T-1 | No Change |
| Monthly Cost/Site | $3,275 | $1,570 | Save $1,705 |
| Total Annual Costs | $93,780 | $30,600 | Save $63,180 |

Time to pay back initial hardware investment ($6,000 to $10,000): 1.1 – 1.9 Months

The initial hardware purchase is based on average pricing for NetScreen appliances while the bandwidth rates are based on averages derived from multiple carrier offerings. This example does not include network management, installation expense, time to migrate multiple networks, etc.
Source: TeleChoice – Building the business case for IP VPNs
Firewall Features
Source: Infonetics 2002
IDP - The future of security
• Definitive agreement to acquire OneSecure for $40.3 million
• Innovative intrusion detection and prevention appliance accurately detects attacks, stops attacks and is easy to manage
• Immediately address IDS market with intrusion prevention products
• The best technology, architecture and people to accelerate NetScreen’s delivery of next generation integrated security gateway and management
Milestones
• 1st device that detects and prevents attacks by dropping malicious packets (patent pending)
• 1st to implement Multi-Method Detection to maximize attack detection
• 1st to utilize Stateful Signature Detection to help reduce false alarms
• 1st centralized, rule-based management of intrusion detection and prevention
Intrusion Prevention - OneSecure
• Innovative intrusion prevention and detection product
• Improved intrusion detection accuracy, reducing false alarms and detecting more attacks
  • Multi-Method Detection
  • Stateful Signatures
• True attack prevention to eliminate impact of attack
  • In-line operation
[Diagram labels: HR Servers; Users; Finance Servers; Web Server; Mail Server; User; CodeRed; Firewall]
Intrusion Detection strategies
Source: Infonetics 2002
NetScreen-OneSecure Integration Plan
Phase I: At Close
• Introduce & Re-brand OneSecure IDP. Scale performance to gigabit levels
• Introduce & Re-brand OneSecure IDP Management
Phase II: 1H03
• Integrate key IDP features into ScreenOS. New processing blade NS-5000
• Enhance IDP
• Integrate management platforms
Phase III
• Develop silicon & hardware for next-generation platforms
• Enhance IDP
• Enhance Management Intelligence
Innovation in the Security market
“Gartner believes that the primary security gateway, the firewall, should provide for this in-line inspection and action taking. Thus, we see this move by NetScreen as the first market move toward fulfilling our vision of firewalls that look deeper into packet streams and make higher-level decisions. Enterprises will need this capability to implement strong, application-aware edge security on a variety of security platforms.”
Gartner Group, August 27, 2002